Healthcare

Ohio medical center offline following another security incident in the health sector

It's the second time in a week that a cybersecurity incident has disrupted IT networks at a U.S. hospital.

September 29, 2020

(Getty Images)

A cybersecurity incident has forced the computer systems of an Ohio medical center offline for multiple days and prompted the clinic to postpone elective procedures for patients.

A statement Tuesday from the Ashtabula County Medical Center, which includes a hospital of more than 200 beds, said the emergency department remains open and that outpatient care has continued as outside security experts investigate the disruption.

The medical center did not specify the cause of the security incident, though Wired reported that ransomware was the cause. A spokesperson for the medical center did not respond to a request for comment Tuesday. NBC News first reported on the medical center’s statement.

The disruption at Ashtabula County Medical Center comes as Universal Health Services, which describes itself as one of the largest health care providers in the U.S. grapples with a suspected ransomware attack.

In what has become a familiar refrain in health care organizations’ response to cyberattacks, the Ashtabula County Medical Center said it was implementing back-up plans for operating and that patient data didn’t appear to be compromised. “The safety of our patients and caregivers is always our highest priority and has not been affected by this disruption,” said Michael Habowski, the medical center’s CEO.

The growing dependence of health care facilities on information technology, along with the strain on resources due to the coronavirus pandemic, have made the sector vulnerable to criminal hacking. Earlier this month, a patient in Germany died after being turned away from a hospital that was hit by another ransomware attack.

Allan Liska, a ransomware specialist at threat-intelligence firm Recorded Future, counted more than 70 publicly reported ransomware attacks on health care providers this year — more than in all of 2019.

“Ransomware actors go after health care providers because they are easy, and profitable, targets,” Liska told CyberScoop. “While there are some ransomware groups that won’t target hospitals, most prefer the money and don’t care about the consequences.”

Ohio medical center offline following another security incident in the health sector

More Like This

FTC accuses genetic testing company of exposing sensitive health data

Health care IT workers report increased cyberattacks affecting patient care

Congress rails against UnitedHealth Group after ransomware attack

Top Stories

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

Top Democrat proposes minimum cybersecurity standards in wake of Change Healthcare attack

Health care groups resist cybersecurity rules in wake of landmark breach

ALPHV website goes down amid growing fallout from Change Healthcare attack

Notorious ransomware group claims responsibility for attacks roiling US pharmacies

FBI seizes ALPHV leak website. Hours later, ransomware gang claims it ‘unseized’ it

The key to making the US cyber strategy work: boots on the ground

Rural hospitals need help from feds to fight ransomware, witnesses tell lawmakers

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics